• User

    ... yes, Virit removed three virus-infected files... Ad-Aware found some cookies and SUPERAntiSpyware a trojan horse generator... here is the new log file..

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10.14.58, on 03/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\system32\winlogon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\sysrss32.exe
    C:\VEXPLITE\viritsvc.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\VEXPLITE\MONLITE.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Francy\Desktop\HiJackThis_v2.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\bak\qttask.exe" -atboottime
    O4 - HKLM..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
    O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU..\Run: [Windows Service Update] C:\WINDOWS\System32\crsss.exe
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Windows Server Management Services (Server Management Services) - Unknown owner - C:\WINDOWS\sysrss32.exe
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

    End of file - 5905 bytes


  • Consiglio Direttivo

    Hi elliot,
    fix these two keys with HijackThis:

    O4 - HKCU..\Run: [Windows Service Update] C:\WINDOWS\System32\crsss.exe

    O23 - Service: Windows Server Management Services (Server Management Services) - Unknown owner - C:\WINDOWS\sysrss32.exe

    If HijackThis cannot remove these keys, we will use The Avenger;

    Start The Avenger, select the Input Script Manually function, then click on the magnifying glass; a window will open right away!

    Enter these lines:

    Files to delete:
    C:\WINDOWS\sysrss32.exe
    C:\WINDOWS\System32\crsss.exe

    Then:
    click Done ---> green light ---> Yes to all the questions.

    The PC should reboot on its own! Once that is done, post The Avenger log; you will find it at C:/avenger.txt

    :ciauz:

    P.S. install Service Pack 2 for better protection! 😉
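
The two entries singled out above share the cues a log reviewer looks for: a binary whose name imitates a core Windows process (crsss.exe next to the real csrss.exe), a service with no readable publisher, and, later in the thread, a service entry that HijackThis keeps listing with "(file missing)" after Avenger deleted the file, because the registry registration outlives the binary. The script below is an added example, not code from the thread, from HijackThis or from The Avenger: it parses O4 and O23 lines and reports those cues. The list of system process names, the edit-distance threshold of 2 and the TEMP rule are assumptions of this example; the sample lines are copied from the HijackThis logs posted in the thread.

```python
"""Triage HijackThis O4 (autorun) and O23 (service) lines for the cues a reviewer
looks for: look-alike system process names, binaries launched from TEMP, services
without a publisher, and service entries whose binary is already gone."""
import re

# Core Windows process names that malware commonly imitates (crsss.exe for csrss.exe).
# Assumed list for this example, not something HijackThis itself ships.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "rundll32.exe",
}

# The two HijackThis line shapes handled here: registry autoruns and services.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First token that looks like an executable; runs of non-separator characters only,
# so the match is the basename rather than the whole path.
EXE_RE = re.compile(r'([^\\/"]+?\.(?:exe|scr|dll))', re.IGNORECASE)

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe",
    r'O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\bak\qttask.exe" -atboottime',
    r"O4 - HKLM..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar",
    r"O4 - HKLM..\Run: [kqzlaa.exe] C:\WINDOWS\TEMP\kqzlaa.exe",
    r"O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe",
    r"O4 - HKCU..\Run: [Windows Service Update] C:\WINDOWS\System32\crsss.exe",
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe",
    r"O23 - Service: Windows Server Management Services (Server Management Services) - Unknown owner - C:\WINDOWS\sysrss32.exe",
    r"O23 - Service: Windows Server Management Services (Server Management Services) - Unknown owner - C:\WINDOWS\sysrss32.exe (file missing)",
]


def levenshtein(a, b):
    """Classic edit distance; inputs are short file names, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename, max_distance=2):
    """Return the system binary this name imitates, or None if it is exact or unrelated."""
    name = basename.lower()
    if name in SYSTEM_BINARIES:
        return None  # the genuine name; location checks are out of scope here
    for known in sorted(SYSTEM_BINARIES):
        if levenshtein(name, known) <= max_distance:
            return known
    return None


def executable_name(command):
    """Basename of the first executable-looking token in a command line or path."""
    m = EXE_RE.search(command)
    return m.group(1) if m else command.strip('"').split()[0]


def triage(lines):
    """Return one finding per suspicious O4/O23 line: {'line', 'exe', 'reasons'}."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = []
        exe = None
        if (m := O4_RE.match(line)):
            exe = executable_name(m.group("cmd"))
            if (known := lookalike(exe)):
                reasons.append(f"{exe} imitates system process {known}")
            if re.search(r"\\temp\\", m.group("cmd"), re.IGNORECASE):
                reasons.append("autorun launches from a TEMP directory")
        elif (m := O23_RE.match(line)):
            path = m.group("path")
            exe = executable_name(path)
            if (known := lookalike(exe)):
                reasons.append(f"{exe} imitates system process {known}")
            if m.group("owner") == "Unknown owner":
                reasons.append("HijackThis could not read a publisher for this service binary")
            if "(file missing)" in path:
                reasons.append("service registration outlives its binary (file missing); "
                               "the O23 entry itself must be fixed")
        if reasons:
            findings.append({"line": line, "exe": exe, "reasons": reasons})
    return findings


def summarize(lines):
    """Merge findings per executable so the same entry seen in two scans collapses."""
    merged = {}
    for f in triage(lines):
        merged.setdefault(f["exe"].lower(), set()).update(f["reasons"])
    return merged


if __name__ == "__main__":
    for exe, reasons in summarize(SAMPLE_LOG).items():
        print(exe)
        for why in sorted(reasons):
            print("   -", why)
```

"Unknown owner" on its own is a weak cue (a hardware vendor's own poller can trip it), so it is meant to be read together with the other reasons; the look-alike and "(file missing)" rules are the ones that pick out exactly the two entries the helper asked to fix.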


  • User

    .. thanks for the advice... I think not even Avenger managed to remove one of the files... I discovered that the IE page has been unblocked, but now the connection drops after a few seconds...

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\dosbqodm


    Script file located at: ??\C:\Documents and Settings\dchcfplg.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger


    Beginning to process script file:

    File C:\WINDOWS\sysrss32.exe deleted successfully.

    File C:\WINDOWS\System32\crsss.exe not found!
    Deletion of file C:\WINDOWS\System32\crsss.exe failed!

    Could not process line:
    C:\WINDOWS\System32\crsss.exe
    Status: 0xc0000034

    Completed script processing.


    Finished! Terminate.


  • User

    So Avenger didn't find crsss and removed the other one... but then, running the scan again with HijackThis, it's there again... in the meantime I discovered that the IE home page has been unblocked, but it always opens in offline mode; if I set online mode again, close and reopen, it's offline again... and now the connection drops after a few seconds.. anyway...

    this is the Avenger log file

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\dosbqodm


    Script file located at: ??\C:\Documents and Settings\dchcfplg.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger


    Beginning to process script file:

    File C:\WINDOWS\sysrss32.exe deleted successfully.

    File C:\WINDOWS\System32\crsss.exe not found!
    Deletion of file C:\WINDOWS\System32\crsss.exe failed!

    Could not process line:
    C:\WINDOWS\System32\crsss.exe
    Status: 0xc0000034

    Completed script processing.


    Finished! Terminate.

    ... and this is the HijackThis log file..

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18.49.03, on 03/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\windows\system32\services.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\VEXPLITE\viritsvc.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\VEXPLITE\MONLITE.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Francy\Desktop\HiJackThis_v2.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\bak\qttask.exe" -atboottime
    O4 - HKLM..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM..\Run: [kqzlaa.exe] C:\WINDOWS\TEMP\kqzlaa.exe
    O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
    O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Windows Server Management Services (Server Management Services) - Unknown owner - C:\WINDOWS\sysrss32.exe (file missing)
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

    End of file - 5110 bytes


  • Consiglio Direttivo

    Hi elliot,
    fix this key with HijackThis:
    O4 - HKLM..\Run: [kqzlaa.exe] C:\WINDOWS\TEMP\kqzlaa.exe

    If it comes back, remove it with The Avenger; same procedure as before!

    Here is the text to enter:

    Files to delete:
    C:\WINDOWS\TEMP\kqzlaa.exe

    I also recommend a good clean-up with CCleaner!

    P.S. **sysrss32.exe** still looks a bit suspicious anyway!!!


  • User

    ... sorry, I posted the same reply several times, but I hadn't noticed that the messages were being posted on the next page.. I tried to delete sysrss32 again with Avenger, it says it can't find the file, so in theory it should have been deleted, but if I run HijackThis again it shows up in the log file again, always in the same place...


  • Consiglio Direttivo

    Can you attach here in the forum the list of active processes from Task Manager??

    From the Command Prompt:

    * tasklist -v >processi.txt

    * The file will be saved in the folder: C:\Documents and Settings


  • User

    Hi everyone!!! I have finally solved my problems... the PC now works perfectly!!! The original problem no longer occurs... IE opens normally, on the home page I set, the PC stays connected until I disconnect it myself, no more warnings of any kind appear, and scanning both in normal and in safe mode finds no trace of viruses... thanks a lot to everyone, especially to Wolf Otakar, who suggested how to solve all the problems as they came up one by one! I think, in my ignorance, that the problem was precisely the infamous sysrss32, which no longer appears in the Task Manager process list... in fact, as long as it was there the viruses were removed but then kept coming back, whereas after it was removed the antivirus deleted the last viruses that had got in and afterwards, even after new connections, the PC stayed clean and went back to working perfectly.
    Thanks again Wolf Otakar!!! :ciauz:


  • Consiglio Direttivo

    Hi elliot,
    glad you solved it! 🙂

    I noticed from the HijackThis logs that you have no firewall active on your PC; first of all turn on the Windows XP one, and then download and install ZoneAlarm!

    Install Service Pack 2 for better protection.

    Oh, I forgot: uninstall Virit!!!

    P.S. IE 😛 ---> switch to Firefox 😄

    :ciauz: